The rapid growth of the NFT market has caught US consumers and brands alike by surprise. Yet, NFTs are still far from ubiquitous or well understood. In the United States, a recent survey by Security.org indicated that the number of people familiar with NFTs increased from about 20% in 2021 to around 65% in 2022, yet only 4% of U.S. adults have ever owned an NFT. Even so, brands are increasingly using NFTs to improve consumer engagement, authenticate goods, and drive online auctions. Coinciding with the growth of the metaverse and expansion of web3, the market for digital NFT artwork alone is estimated to expand from US$3 billion to more than US$13 billion dollars over the next 5 years – with much of the existing market presence and expected growth coming from the United States.

Reflected in that market size is the secondary market for NFTs, which has also shown steep growth. During 2021, one blockchain tracing firm tracked a minimum US$44.2 billion worth of cryptocurrency sent to ERC-721 and ERC-1155 contracts — the two types of Ethereum smart contracts associated with NFT marketplaces and collections — up from just US$106 million in 2020.

As brands and consumers increasingly gain familiarity with NFTs, certain industries –  namely, sports, gaming, art and music, luxury goods, and alcohol and spirits – are leading the way. Common use cases include NFTs as a collectible image, video or audio, as rewards or prizes, as a means of tracing authenticity, paying out a royalty to an artist or creator, identifying membership to an exclusive club, and as a redeemable (and tradeable) ticket for a physical item or experience.

As examples, owners of Bored Ape NFTs are members of an exclusive club, which affords them access to member-only events and has been called by Forbes “the epitome of coolness for many.” An NFT of Twitter founder Jack Dorsey’s first tweet sold for US$2.9 million, and digital NFT artwork has sold in the tens of millions. Luxury fashion house Prada gifted NFTs to purchasers of an exclusive, limited collaboration. Glenfiddich created a series of 15 limited edition liquor NFTs, each corresponding to a physical bottle of Scotch Whiskey sold by the company. Buffalo Trace Distillery sold five OFC Vintage Bourbon whiskey NFTs in a charity auction, raising a total of US$280,000. Other brands have curated exclusive experiences for NFT holders; the fashion brand Balmain recently sold NFTs redeemable for fashion show invitations and backstage opportunities to meet the brand’s creative director. These NFTs can then be re-sold on a secondary market.

Other industries and use cases – such as real estate, vehicle rentals, and healthcare records – are expanding in the space. Meanwhile, the NFT market is becoming increasingly accessible because of fractional ownership of NFTs – or “fractionalization” – which allows consumers to invest in and trade on expensive NFTs or physical goods tied to NFTs with a smaller minimum investment.

Despite the absence of NFT-specific regulations in the United States currently, NFTs are regulated in the US similar to other digital tokens, meaning that NFTs may be regulated:

• As a commodity, under the jurisdiction of the Commodity Futures Trading Commission (CFTC);
• As a security, under the jurisdiction of the Securities and Exchange Commission (SEC);
• As some form of “value” regulated by the Financial Crimes Enforcement Network, a component of the U.S. Treasury (FinCEN), and
• As a form of intellectual property.

NFTs (depending on their specific features, functions, and economic reality) may be governed by a framework of existing securities, anti-money laundering (AML), financial services, consumer protection and privacy regulations under US federal and state laws. Depending on the state laws that govern the creation and use of the NFT, if NFTs are offered as sweepstake rewards, they may be restricted under state illegal lottery laws. Likewise, state escheatment laws governing unclaimed property may also be applicable as NFTs age, if they are held in hosted wallets or otherwise in the possession of a holder other than the owner. We also note that not all digital assets that are referred to as NFTs are the same and, thus, not all will be treated the same way from a regulatory perspective. As an example, fractionalized NFTs have different regulatory considerations than others, as described below.

Securities Law

Absent federal legislative clarification on which types of digital assets may be securities or ancillary securities, courts still look to the Howey Test to determine what qualifies as a security in the US. Under Howey, an investment contract (or security), is defined as a transaction, scheme or contract where there is (1) an investment of money, (2) in a common enterprise, (3) with the expectation of profit (4) solely from the efforts of others. The definition can be very broad. At its most basic level, some of the hallmark characteristics of an NFT are that they are unique and non-fungible. This makes them more like a collectible that may appreciate (or depreciate) as opposed to a traditional security. But, as we described further below, new types of NFTs – and in particular, fractional NFTs – are starting to raise securities laws questions. While an NFT’s uniqueness may leave unsettled the legal question of whether it is a security, there are still several types of fraudulent conduct, such as wash trading, insider trading and front running, that wrongdoers in the NFT market can engage in.

Anti-Money Laundering

AML requirements are intended to safeguard the U.S. financial system from use by those seeking to move, hide, or spend the proceeds of crime. Various types of financial institutions, including banks, casinos, and money services businesses (or MSBs, which include businesses that transmit value in any form, including convertible virtual currency or digital assets), are subject to a variety of AML requirements, including the requirements to register with FinCEN (and potentially obtain licenses from state regulators), implement a risk-based AML policy, and report suspicious activities. The applicability of these rules to platforms or other persons doing business transferring virtual assets during the buying or selling of NFTs depends on whether their NFT-related activities would render them a money transmitter or other type of financial institution. This is a fact-intensive inquiry that considers the nature of the business dealing in NFTs.

FinCEN has studied, but not yet issued regulations on, whether those platforms, auction houses, or online marketplaces that deal in NFTs or other forms of digital-ledger collectibles should, separate from their potential status as a MSB, be considered “financial institutions” for purposes of AML laws and regulations. It has noted several AML-related risks associated with NFTs, and the high-value art market generally, but declined to extend regulatory obligations to this market to the extent it is not already covered by existing MSB regulations.

Given the potential applicability of U.S. AML rules to various activities in the NFT ecosystem (minting, primary sale, facilitation of secondary sales, etc.), each party involved in the issuance and trading of NFTs should review its activities to determine if they implicate money transmission and AML rules. For example, the primary sale of an NFT in exchange for cryptocurrency may not, itself, constitute money transmission; but if the seller first offers a buyer the opportunity to exchange fiat currency for cryptocurrency to use in the purchase of the NFT, then that activity may constitute money transmission.

Consumer Protection Laws

Consumer protection laws are designed to prevent consumers from unfair or deceptive acts or practices, especially in markets where consumers are relying on sellers for clear disclosure of information such as price, usage, risks, transferability, and other key terms of the product. Unfortunately, the crypto and NFT space are rife with information asymmetries that can generate consumer confusion, in addition to theft and fraud concerns. So, consumers need a clear understanding of exactly what rights they are and what rights they are not receiving when they purchase an NFT, as well as what limitations may exist on their ability to receive remuneration in the event something goes wrong. Typically, these consumer protections concerns – which are governed at both the federal and state-level in the US – are addressed via terms of sale that go along with the NFT.

Privacy Laws

Although US federal and state privacy laws do not specifically address NFTs, companies engaging in the NFT market should consider the potential impacts of privacy laws. Blockchain registrations of NFT ownership may constitute personal information. NFT owners may not understand that their ownership registrations will be processed publicly and in a decentralized manner. As discussed in Section 5 below, companies may therefore benefit from providing consumers with clear disclosures about how their personal information will be processed.    

NFTs are unique, by design, and typically give the holder ownership over the data or media with which the token is associated. This gives rise to three main IP issues: (1) whether the issuer of the NFT had the necessary underlying rights to create the NFT; (2) what rights are acquired with the purchase of an NFT and (3) enforcement.

Necessary Underlying Rights

Companies looking to mint NFTs should ensure that they have the necessary rights to tokenize the underlying creative work. This can be done by through ownership or licensing, provided that the license rights are broad enough to cover the proposed use of the work. For example, if a company has a standard license to use a trademark or logo in order to sell or distribute a particular product, the licensor may try to argue that license does not cover the right to tokenize the logo nor extend rights into digital spaces such as the metaverse. In an abundance of caution, companies planning to create NFTs may wish to obtain a license that expressly includes the right to tokenize the brands or content. 

What Rights are Acquired / Transferred with the NFT

Content creators looking to have their works tokenized should think through what rights they wish to grant to purchasers. Creators who fail to do so may inadvertently give up their rights. For example, there is a current divide among content creators on whether NFTs (and in particular profile picture NFTs or PFP NFTs) should be licensed under traditional commercial copyright terms or under Creative Commons Zero (CC0), under which the creator waives all their copyright and related rights in the work to the fullest extent permitted by law (e.g., excluding moral rights).

Similarly, purchasers need to ensure that they understand the rights they receive when they acquire an NFT. Owning an NFT does not necessarily mean the purchaser owns the underlying work or may use the NFT freely. For example, the purchaser may receive the right to digitally display an NFT at their home, but not publicly. Purchasers may receive rights to copy or print the work, but not to distribute those copies. Conversely, with NFTs licensed under CC0, the NFT owner has broad rights to use, copy, display, modify, etc. the digital asset, but so can everyone else. The value there becomes the status of ownership and authenticity – or “pwnership” (a term coined by Brian L. Frye, law professor and NFT creator). If a purchaser owns a fractionalized NFT, the purchaser should understand any limitations as a result of fractional ownership.

For NFT creators that wish to transfer to the NFT purchaser the IP rights in the underlying work, US law requires, in most cases, a present assignment of those rights in writing and signed by the person making the transfer. However, many NFT sales may not currently satisfy those requirements and this is an area of law that has not yet been tested.

Enforcement

The U.S. Patent and Trademark Office and Copyright Office has  launched a study on intellectual property rights in NFTs, including a series of roundtables to take place in early 2023. The study is in direct response to a request from the Senate Committee on the Judiciary’s Subcommittee on Intellectual Property, and is prompted by mounting lawsuits and a lack of clarity around the IP treatment of NFTs, including with respect to future applications, transferability of ownership, licensing rights, IP infringement, and the IP rights of NFT creators. Examples of some big-name infringement claim examples include:

• In January 2022, Hermes filed a suit against Mason Rothschild for issuing NFTs of “MetaBirkins,” which depicted Hermes purses in digital form as covered in colorful fur. Despite the defendant’s claims that the NFTs were an “ironic nod to the iconic bag,” and an expression of his first amendment rights attacking the use of animal fur in the fashion world, in February 2023, a New York jury held Rothschild liable for trademark infringement, trademark dilution and cybersquatting. An appeal of this decision is likely, but this verdict bolsters the case for brands’ IP rights in virtual goods
• In June 2022, Yuga Labs, Inc., creators of the Bored Ape Yacht Club, sued Ryder Ripps and other defendants in California for trademark infringement, false designation of origin, false advertising, cybersquatting and conversion (among other grounds) for selling NFTs under a conceptual knock-off project.

The following are some of the common ways our clients are attempting to mitigate potential infringing activity: (1)  surveying or self-policing for infringement, (2) expanding trademark registrations into additional classes of trade, (3) applying for patent protection, (4) obtaining domain name registrations with common blockchain top-level domains (such as .nft or .io) and (5) submitting take-down requests under the Digital Millennium Copyright Act. We note that, in the U.S., a copyright registration is required to initiate an infringement suit.

As discussed above, a security under the Howey Test requires a transaction, scheme or contract where people or entities invest their funds in a common enterprise. The unique nature of each NFT, hence its non-fungibility, likely destroys the commonality required for an NFT sale, or even minting, to be considered a security. However, what about NFTs that are split into fractional ownership units and resold? Are those fractional units sufficiently similar to each other to be a common enterprise? SEC commissioner Hester Peirce has acknowledged the possibility that fractional NFTs very well could be a security in the U.S.

If the commonality prong were satisfied, the analysis would then consider whether the fractional owners are reliant on the efforts of a third party to promote and maintain the value of the NFT. This third party might be one of the fractional owners or an organization that is responsible for showcasing, listing, or otherwise marketing the NFT in order to maintain its value. 

Other financing issues arise when, through the course of secondary market sales, a purchaser buys an NFT that another buyer purports to own. While this is rare due to the traceable nature of blockchain-based transactions, there have been thefts of NFTs from wallets due to hacks or a wallet holder sharing their private key with others. In those cases, there may very well be a bona fide purchaser for value who subsequently holds the NFT, and state sales and UCC law would likely apply to that purchase.

NFT ownership is registered on blockchains. Although a blockchain registration may not directly identify a specific person, wallet identifiers or a set of transactions associated with a wallet or other identifier may reasonably identify an individual. As such, although an NFT itself may not constitute personal information, the blockchain registration of NFT ownership may. So, companies offering NFTs should consider compliance with federal and state privacy laws. At the state level, laws in California, Colorado, Connecticut, Utah, and Virginia may require companies to inform consumers about how their information will be collected, processed, and shared. In particular, companies may need to explain how personal information may be exposed in the blockchain. And companies may need to explain to consumers from those states how the immutability of blockchain registrations may mean that consumers cannot exercise their rights to delete personal information. 

At the federal level, companies offering NFTs should confirm that the processing of personal information in association with NFTs aligns with disclosures made in privacy notices and other public statements. For example, if a company has stated that transactions will always be “completely confidential” or that it “never discloses customer information to third parties for their own use”, that may not align with the posting of personal information to public blockchain registries. And companies offering NFTs that are of interest to children under the age of thirteen will need to consider compliance with the Children’s Online Privacy Protection Act (“COPPA”) and its requirements to obtain informed parental consent before processing personal information of children under thirteen. 

Scammers have been known to use phishing and similar exploits to obtain wallet credentials and conduct unauthorized transactions or steal funds. So, companies that engage in NFT transactions should confirm that they secure their wallet keys and account credentials. Security measures could include requiring two or more signatories for spending funds from digital wallets, maintaining wallet keys in secure environments, and confirming that wallet credentials and keys are reassigned as job roles change.

There are numerous exciting opportunities and developments to be found in the NFT space:

a.  Metaverse: The metaverse is essentially how we as humans interact with technology around us. Platforms where users can interact with each other in a digital world include, for example, Decentraland, Fortnite, Roblox, Minecraft, the Sandbox, and Otherside. For many, how they portray themselves in these digital worlds is as important to them as how they are seen in the physical world. As an example, a digital-only Gucci purse (without the potential for redemption of the physical item) existing exclusively on the Roblox gaming platform was sold for $4,115 – even more than the real-world price for the bag of $3,400. Balenciaga has created a dedicated metaverse division and launched its latest collection inside a virtual space. In 2022, Meta announced plans to invest $10 billion dollars in the metaverse and various consumer retailers are actively investigating the creation of virtual stores, not only to improve their image as modern and cutting edge, but also to get out in front of would-be infringers.

Business use cases in the metaverse include marketing campaigns, learning and development for employees, meeting spaces for events or conference, and product design or “digital twinning” of real-world settings where product testing and design can take place.

b.  Gaming: One of the drivers of metaverse development is gaming, and NFTs are increasingly part of those games. For example, there are Blockchain-based games in which users must purchase or otherwise acquire NFTs to play (the NFTs can be the characters themselves for the games or powers or accessories for the characters, or the NFTs can be digital sports cards used in fantasy sports contests). Some of these games are “play-to-earn” where players can earn prizes and rewards, which makes the NFTs they acquire for use in the game important. NFTs can also be part of “loot boxes” that players are able to acquire during their gaming experiences, which may be subject to laws on randomized rewards such ad raffles and lotteries.

c.  Retail / Luxury Goods: Retail and luxury good brands have harnessed NFTs to provide exclusive digital consumer goods (often to compliment or incentivize purchase of a tangible good), available on the Metaverse or in other virtual spaces. Other brands have used NFTs to increase brand recognition and raise funds for charitable causes. Adidas and Prada commissioned a large-scale NFT created from participant-submitted photographs, which was later auctioned for charity. Louis Vuitton and Burberry have collaborated with games creators to create NFT games.

Another use of NFTs in this space is to allow consumers to easily trade or auction exclusive tangible goods or experiences. Because NFTs are easily traceable and quickly transferrable, using NFTs to sell tangible goods can increase its value. Using NFTs to sell experiences is a new way to offer event tickets and allows brands to interact with the purchaser in new ways (for example, offering sweepstakes or give-aways to event attendees).

d.  Advertising: In the advertising space, companies are increasingly using NFTs to generate buzz and consumer engagement. For example, as part of the 2021 Macy’s Thanksgiving Day Parade, Macy’s offered an NFT release with various levels of exclusive NFTs available for free and for purchase. Proceeds generated from the initiative were donated to the Make-A-Wish Foundation charity.

e.  Art and Collectibles: The use of NFTs in the art and collectibles markets is similar to the use by retail and luxury goods markets. NFTs offer artists (or the original NFT seller) the opportunity to derive monetary value from the sale and resale of works of art. In addition to opening up new digital art opportunities, the trackability of NFTs offers artists a way to generate royalties on sales of tangible art, even on the secondary market. Companies looking to contract with artists to create digital art for NFTs should be aware of US IP considerations, including work-for-hire doctrine and IP assignment, and liability for third-party IP infringement.

f.  Emergence of NFT Minting Service Providers: Many of our clients who are involved in this space work with NFT minting service providers. These collaborations enable our clients to participate in the NFT marketplace while shifting many of the considerations involved in issuing and selling NFTs to companies who build their business around just that. We regularly guide clients through the process of entering the NFT space, including negotiation of minting and sale contracts to ensure that these agreements satisfy consumer protection, disclosure, and other legal requirements, and appropriately allocate liability vis-à-vis the service provider.